The present invention improves the security of KVM switching systems and remote device management systems by using RFID technology to prevent unauthorized remote access to computers, servers, network equipment, etc.
As is known in the art, a KVM switching system may be utilized to allow one or more user workstations to select and control any one of a plurality of remote computers via one or more switching units. Such systems are well known in the art and have been used by system administrators for over 10 years. Specifically, a KVM switching system allows a system user to control a remote computer using a local user workstation's keyboard, video monitor, and mouse as if these devices are directly connected to the remote computer. In this manner, a user may access and control a plurality of remote computers, such as servers, from a single location (i.e., the location of the user workstation).
The system user may select a specific remote computer to access or control using any one of a variety of methods known in the art including: pushing a button on the face of a switching system component that corresponds with the desired remote computer, selecting the computer from a list displayed on a switching system component's LCD or LED display, pressing one or more hot keys on the local user workstation's keyboard (e.g., F1, ALT-F1, F2, etc.), or selecting the remote computer from a list displayed on the user workstation's monitor by pointing to it or scrolling to it using the user workstation's keyboard and/or mouse, etc. This list is exemplary only and not intended to limit the scope of the claims, as many other methods are known in the art.
Many of the earlier developed KVM switching systems required that the user workstation be within a certain distance of the remote device. For example, many of these systems transmit signals over extended-length CAT5 cables where severe signal degradation tends to occur when the length of the cable exceeds fifteen hundred (1500) feet. However, due to the increasing complexity of an organization's networks, it is often desirable to manage networking equipment, servers, and computers that are remotely located from the system administrator. For example, in distributed systems, remote devices may be dispersed across a city, a country, or even the world. In these configurations, basic KVM switching systems are inadequate. Thus, remote device management systems are often used in lieu of, or in conjunction with, KVM switching systems.
Remote device management systems utilize existing networks (e.g., the Internet, a local area network (“LAN”), a wide area network (“WAN”), a wireless network, a modem connection, etc.) to enable a user to operate a remote computer from a user workstation. For example, a remote management solution may comprise a KVM switch which is accessible over the Internet or LAN via a common protocol, such as TCP/IP. Such solutions may also offer modem or wireless access.
To access remote management systems, generally, a user or system administrator uses an Internet web-browser or proprietary software stored on a standard or specialized computer. Once a remote computer has been selected by the user for control, the video signals of the remote computer are transmitted to the user workstation's video monitor. Simultaneously, keyboard and/or mouse signals are sent from the user station to the remote computer through the network. The system may additionally include a connection to the power source of the remote computer for a hard reboot in case of system failure.
Whereas KVM switching systems transmit analog video signals, remote device management systems must digitize video signals before transmitting the signals over a TCP/IP network. Further, because of bandwidth constraints, remote device management systems generally utilize compression algorithms to reduce the necessary bandwidth required to transmit the digital video signals. For example, a remote network management system may use the compression algorithm disclosed in U.S. patent application Ser. No. 10/233,299, which is incorporated herein by reference, to reduce and compress the digital data that must be transmitted to the remote computers and/or video display devices.
Whenever a KVM or remote management system is employed, security is a great concern. By enabling remote access to computers and devices that may otherwise be secure, a KVM or remote device management system may leave such devices vulnerable to unauthorized use. Remote management systems that enable TCP/IP or Internet access are especially prone to security problems because there is no distance limitation between the user workstation and the remote devices connected to the system.
In light of the remote access to potentially sensitive information offered by KVM and remote management systems, many such systems require that a user enter identification information (e.g., a user name and password) in order to gain access to the system. Biometric identification has also been proposed as a method of preventing unauthorized access. These methods provide some security, but are still prone to security failures. For example, it is often easy to obtain or guess a user name and password. Further, biometric identification is prone to tampering and is often inconvenient to the user. Finally, in all such systems, user error can leave the system open to unauthorized use. For example, if a user forgets to log out of the system, an unauthorized user can easily gain access. Unauthorized access to a KVM or remote device management system may be especially problematic because it gives a user direct access to the devices, servers and computers. Often companies provide this access to all computers in a network so that system administrators can reboot or reconfigure the devices, or copy and move sensitive information between computers. Clearly, with such access it is imperative to provide maximum security.
Therefore, a clear need exists for KVM and remote management systems that provide a more secure method of preventing unauthorized access. One solution is to incorporate RFID or similar technology into KVM systems. This solution allows authorized users to access the system.
RFID is a technology that incorporates the use of electromagnetic or electrostatic coupling in the radio frequency (“RF”) portion of the electromagnetic spectrum to uniquely identify an object, animal, or person. Typical systems that utilize RFID technology consist of three (3) components: (1) an antenna or coil; (2) a transceiver (with decoder); and (3) a transponder (“RFID tag”) electronically programmed with unique information (e.g., a unique identification number). Generally, the antenna is coupled to the transceiver (collectively referred to herein as an “RFID transceiver”) to communicate with any number of RFID tags. The RFID tag can be a small wearable tag or pin, or may be embedded within a user ID badge or equivalent.
Normally, during operation, the antenna (coupled to the transceiver) emits radio signals to activate the tag and read or write data to it. Depending on the power output and the frequency used by the antenna, the range of communications may be anywhere from one inch to one hundred (100) feet or more. When the RFID tag receives the emitted radio signals, it transmits data in response. This data is received and decoded by the RFID transceiver. The RFID transceiver may then pass the data to the device that the user wishes to access for processing, storage, etc.
Additionally, RFID tags may be active or passive. Active tags are powered by an internal battery and are typically read/write devices. Passive tags do not need a power source, and instead, obtain operating power generated from the RFID transceiver. Thus, advantageously, passive tags may be smaller and lighter in weight than active tags.
A significant advantage of RFID systems is the non-contact, non-line-of-sight nature of the technology. A user can wear an RFID tag on their person and the transceiver will automatically sense the tag when it is in range. Another intrinsic advantage of RFID systems is that each RFID tag contains a “globally unique” identification number. Thus, the same RFID tag can be used across multiple systems. In short, an RFID tag can be used as a universal form of identification. Currently, systems are known in the art that utilize RFID for diverse applications ranging from tracking animal migration patterns to preventing theft of merchandise.
In view of the foregoing, a need clearly exists for a secure remote device management system with advanced security features, such as RFID technology, to restrict access to the system. The system should restrict access to computers, servers, devices, and other equipment accessible via remote network management systems to authorized users. Such a system should be capable of integrating RFID security with other methods such as those requiring a user identification number, password, or biometric identification. The system should aid in managing remote computing environments without compromising the security of such environments, thereby reducing the need to have an on-site system administrator.
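The following sketch is an added example, not part of the original disclosure, of how an access gate could combine an RFID tag read with a user name and password as the paragraph above requires. The class and method names, the tag identifiers, and the rule that a session locks once the tag has gone unread for a grace period (one way to address the forgotten log-out described earlier) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

GRACE_SECONDS = 5.0  # assumed: how long a tag may go unread before the session locks


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class KvmAccessGate:
    """Hypothetical gate: a session needs an enrolled tag in range AND the right password."""

    def __init__(self):
        self.users = {}     # tag_id -> (username, salt, password_hash)
        self.sessions = {}  # tag_id -> time the transceiver last read the tag

    def enroll(self, tag_id: str, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[tag_id] = (username, salt, hash_password(password, salt))

    def login(self, tag_id: str, username: str, password: str, now: float) -> bool:
        record = self.users.get(tag_id)
        if record is None:  # unknown tag: refuse before looking at the password
            return False
        name, salt, stored = record
        name_ok = hmac.compare_digest(name.encode(), username.encode())
        pw_ok = hmac.compare_digest(stored, hash_password(password, salt))
        if name_ok and pw_ok:
            self.sessions[tag_id] = now
            return True
        return False

    def tag_seen(self, tag_id: str, now: float) -> None:
        # Called on every decoded tag read; only refreshes an existing session.
        if tag_id in self.sessions:
            self.sessions[tag_id] = now

    def session_active(self, tag_id: str, now: float) -> bool:
        last = self.sessions.get(tag_id)
        if last is not None and now - last <= GRACE_SECONDS:
            return True
        self.sessions.pop(tag_id, None)  # tag left range: lock and require a new login
        return False


if __name__ == "__main__":
    gate = KvmAccessGate()
    gate.enroll("TAG-0001", "alice", "correct horse")  # constructed sample values
    print(gate.login("TAG-0001", "alice", "correct horse", now=0.0))
    print(gate.session_active("TAG-0001", now=30.0))
```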